package com.lizeng.manage.web.interceptor;

import java.lang.reflect.Method;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.ModelAndViewDefiningException;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.lizeng.manage.permission.Permissions;
import com.lizeng.manage.pojo.JuriGroup;
import com.lizeng.manage.pojo.UserGroup;
import com.lizeng.manage.pojo.Users;
import com.lizeng.manage.utils.ManageUtils;


/**
 * 系统拦截器 拦截所有请求
 * 
 * @author 符冬
 * 
 */
public class PermissionInterceptor extends HandlerInterceptorAdapter {

	@Override
	public boolean preHandle(HttpServletRequest request,
			HttpServletResponse response, Object handler) throws Exception {

		String uri = request.getRequestURI();
		if (uri.indexOf("/login/") != -1) {
			Users user = (Users) request.getSession().getAttribute(
					ManageUtils.LOGIN_USER);
			if (user == null) {
				request.setAttribute("url", "users/loginUI.do");
				throw new ModelAndViewDefiningException(new ModelAndView(
						"common/redirect"));
			} else {
				/**
				 * 权限拦截
				 */
				Class clazz = handler.getClass();
				if (clazz.isAnnotationPresent(Controller.class)) {
					Method[] mthds = clazz.getMethods();
					for (Method m : mthds) {
						if (m.isAnnotationPresent(Permissions.class)
								&& m.isAnnotationPresent(RequestMapping.class)) {
							RequestMapping rm = m
									.getAnnotation(RequestMapping.class);
							String[] vls = rm.value();
							String tpuri=uri;
							if (vls[0].indexOf(".") == -1) {
								tpuri = uri.substring(0, uri.indexOf("."));
							}
							if (tpuri.endsWith(vls[0])) {
								boolean hasp = false;
								Permissions pm = m
										.getAnnotation(Permissions.class);
								String acvl = pm.value();
								List<UserGroup> uglist = (List<UserGroup>) request
										.getSession()
										.getAttribute(
												ManageUtils.INIT_RB
														.getString("user.group"));
								List<JuriGroup> jglist = (List<JuriGroup>) request
										.getSession()
										.getAttribute(
												ManageUtils.INIT_RB
														.getString("group.perm"));
								for (UserGroup ug : uglist) {
									JuriGroup jg = new JuriGroup();
									jg.setGroupId(ug.getGroupId());
									jg.setActionValue(acvl);
									if (jglist.contains(jg)) {
										hasp = true;
										break;
									}
								}

								if (!hasp) {

									request.setAttribute("message",
											"你无权操作此功能！！！");
									throw new ModelAndViewDefiningException(
											new ModelAndView("common/message"));

								}

							}

						}
					}
				}
			}
		}

		return super.preHandle(request, response, handler);
	}

}
